Subject: How to Disable forgot-password Routes in ReDoc Documentation Only?
jimmyMorizot opened this issue · 0 comments
Hello,
I am currently using the CoopTilleulsForgotPasswordBundle in my Symfony project alongside API Platform for generating OpenAPI documentation. I have a specific need to exclude the forgot-password routes from the documentation when using ReDoc, but keep them in the Swagger UI documentation.
Here is the context:
Swagger UI Documentation:
I need to include the documentation for all my exposed entities so my colleague, who is developing the frontend, can see and use this documentation.
ReDoc Documentation:
I need to include only specific entities as this documentation will be used for web services that connect their applications to mine. In this documentation, I am struggling to exclude the forgot-password routes.
Here is my current CustomOpenApiFactory implementation:
`<?php
namespace App\OpenApi;
use ApiPlatform\OpenApi\Factory\OpenApiFactoryInterface;
use ApiPlatform\OpenApi\OpenApi;
use ApiPlatform\OpenApi\Model;
use ApiPlatform\OpenApi\Model\Paths;
use CoopTilleuls\ForgotPasswordBundle\Bridge\ApiPlatform\OpenApi\AbstractOpenApiFactory;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\RouterInterface;
use CoopTilleuls\ForgotPasswordBundle\Provider\ProviderChainInterface;
class CustomOpenApiFactory extends AbstractOpenApiFactory implements OpenApiFactoryInterface
{
private $requestStack;
public function __construct(OpenApiFactoryInterface $decorated, RequestStack $requestStack, RouterInterface $router, ProviderChainInterface $providerChain)
{
parent::__construct($decorated, $router, $providerChain);
$this->requestStack = $requestStack;
}
public function __invoke(array $context = []): OpenApi
{
$openApi = parent::__invoke($context);
$request = $this->requestStack->getCurrentRequest();
if ($request && $request->query->get('ui') === 're_doc') {
$allowedEntities = [
'/api/vehicles',
'/api/vehicles/{id}',
'/api/contacts',
'/api/contacts/{id}',
'/api/contact_has_vehicles',
'/api/contact_has_vehicles/{id}',
'/api/leads',
'/api/leads/{id}',
'/api/proposals',
'/api/proposals/{id}',
'/api/reports',
'/api/reports/{id}',
];
$filteredPaths = new Paths();
foreach ($allowedEntities as $allowedPath) {
$pathItem = $openApi->getPaths()->getPath($allowedPath);
if ($pathItem) {
$filteredPaths->addPath($allowedPath, $pathItem);
}
}
$securityScheme = new Model\SecurityScheme(
'apiKey',
'API Key',
'X-API-KEY',
'header'
);
$securitySchemes = new \ArrayObject(['API' => $securityScheme]);
$components = $openApi->getComponents()->withSecuritySchemes($securitySchemes);
return $openApi->withPaths($filteredPaths)
->withComponents($components)
->withSecurity([['API' => []]]);
}
return $openApi;
}
}
`
Despite this setup, the forgot-password routes still appear in the ReDoc documentation. Here are the routes I would like to exclude specifically:
/api/forgot-password
/api/forgot-password/{tokenValue}
/api/forgot-password/{tokenValue}/reset
I have verified that the routes are correctly defined and that the paths are being processed. However, they are not being excluded as expected.
Is there a recommended way to specifically disable or exclude these routes from appearing in the ReDoc documentation only, while keeping them available for other API documentation tools like Swagger UI?
Thank you in advance for your assistance.
